US12561415B2ActiveUtilityA1
Generation of cryptographic keys
Est. expiryAug 26, 2040(~14.1 yrs left)· nominal 20-yr term from priority
G06F 21/602H04L 63/0861H04L 63/062G06F 21/73H04L 9/3278H04L 9/0869H04L 9/0866G06F 21/32H04L 9/3231
47
PatentIndex Score
0
Cited by
8
References
24
Claims
Abstract
There is provided mechanisms for generating a cryptographic key for a user. The method is performed by a cryptographic key generator device. The method comprises authenticating the user using biometrics data read from the user using a biometrics reader. The method comprises obtaining, only when having authenticated the user, a PUF response from a PUF entity by providing a challenge based on biometrics response data to the PUF entity. The biometrics response data is a function of the biometrics data. The method comprises generating the cryptographic key using a cryptographic function and by seeding the cryptographic function with the PUF response.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1 . A method for generating a cryptographic key (K) for a user, the method being performed by a cryptographic key generator device, the method comprising:
authenticating the user using biometrics data (I, J) read from the user using a biometrics reader; obtaining, only when having authenticated the user, a Physically Unclonable Function (PUF) response (P) from a PUF entity by providing a challenge (C) based on biometrics response data (R*) to the PUF entity, wherein the biometrics response data (R*) is a function of the biometrics data (I, J); and generating the cryptographic key (K) using a cryptographic function (F) and by seeding the cryptographic function (F) with the PUF response (P), wherein the method further comprises reading a user-defined input string as provided by the user, wherein the PUF response (P) is a biometrical and user-defined unique PUF response (P) obtained by providing the user-defined input string and the biometrics response data (R*) as a joint challenge (C) to the PUF entity.
2 . The method according to claim 1 , wherein authenticating the user comprises:
extracting a set of biometric features(S) from the biometrics data (I, J); transforming the set of biometric features(S) into transformed biometrics data (R); and authenticating the user when the cryptographic key generator device can find stored biometrics response data (R*) that fulfils a matching criterion for the transformed biometrics data (R).
3 . The method according to claim 2 , wherein the stored biometrics response data (R*) that fulfils the matching criterion equals the biometrics response data (R*) that is a function of the biometrics data (I, J).
4 . The method according to claim 1 , wherein authenticating the user comprises:
extracting a set of biometric features(S) from the biometrics data (I, J); authenticating the user when the cryptographic key generator device can find stored a stored template of biometrics data (T) that fulfils a matching criterion for the set of biometric features(S).
5 . The method according to claim 4 , wherein each stored template (T) of the biometrics data (I, J) is associated with biometrics response data (R*).
6 . The method according to claim 2 , wherein the set of biometric features(S) is subjected to error correction.
7 . The method according to claim 2 , wherein the set of biometric features(S) is not subjected to error correction.
8 . The method according to claim 1 , wherein authenticating the user is independent from the user-defined input string.
9 . The method according to claim 1 , wherein biometrics data (I, J) of the user from at least two separate biometric input sources are combined when authenticating the user.
10 . The method according to claim 1 , wherein the data being a function of the biometrics data (I, J) is a function of biometrics data (I, J) of the user from at least two separate biometric input sources.
11 . The method according to claim 9 , wherein there at least two separate biometric input sources of different types.
12 . The method according to claim 9 , wherein there at least two separate biometric input sources of same type.
13 . A cryptographic key generator device for generating a cryptographic key (K) for a user, the cryptographic key generator device comprising processing circuitry, the processing circuitry being configured to cause the cryptographic key generator device to:
authenticate the user using biometrics data (I, J) read from the user using a biometrics reader; obtain, only when having authenticated the user, a Physically Unclonable Function (PUF) response (P) from a PUF entity by providing a challenge (C) based on biometrics response data (R*) to the PUF entity, wherein the biometrics response data (R*) is a function of the biometrics data (I, J); and generate the cryptographic key (K) using a cryptographic function (F) and by seeding the cryptographic function (F) with the PUF response (P), wherein the processing circuitry further performs reading a user-defined input string as provided by the user, wherein the PUF response (P) is a biometrical and user-defined unique PUF response (P) obtained by providing the user-defined input string and the biometrics response data (R*) as a joint challenge (C) to the PUF entity.
14 . The cryptographic key generator device of claim 13 , wherein authenticating the user comprises:
extracting a set of biometric features(S) from the biometrics data (I, J); transforming the set of biometric features(S) into transformed biometrics data (R); and authenticating the user when the cryptographic key generator device can find stored biometrics response data (R*) that fulfils a matching criterion for the transformed biometrics data (R).
15 . The cryptographic key generator device of claim 14 , wherein the stored biometrics response data (R*) that fulfils the matching criterion equals the biometrics response data (R*) that is a function of the biometrics data (I, J).
16 . The cryptographic key generator device of claim 13 , wherein authenticating the user comprises:
extracting a set of biometric features(S) from the biometrics data (I, J); authenticating the user when the cryptographic key generator device can find stored a stored template of biometrics data (T) that fulfils a matching criterion for the set of biometric features(S).
17 . The cryptographic key generator device of claim 16 , wherein each stored template (T) of the biometrics data (I, J) is associated with biometrics response data (R*).
18 . The cryptographic key generator device of claim 14 , wherein the set of biometric features(S) is subjected to error correction.
19 . The cryptographic key generator device of claim 14 , wherein the set of biometric features(S) is not subjected to error correction.
20 . The cryptographic key generator device of claim 13 , wherein authenticating the user is independent from the user-defined input string.
21 . The cryptographic key generator device of claim 13 , wherein biometrics data (I, J) of the user from at least two separate biometric input sources are combined when authenticating the user.
22 . The cryptographic key generator device of claim 13 , wherein the data being a function of the biometrics data (I, J) is a function of biometrics data (I, J) of the user from at least two separate biometric input sources.
23 . The cryptographic key generator device of claim 22 , wherein there at least two separate biometric input sources of different types.
24 . The cryptographic key generator device of claim 22 , wherein there at least two separate biometric input sources of same type.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.